Make a DHCP server using Fedora - Help
Les Mikesell
lesmikesell at gmail.com
Wed Nov 19 16:12:54 UTC 2008
Antonio Olivares wrote:
> --- On Wed, 11/19/08, Les Mikesell <lesmikesell at gmail.com> wrote:
>
>> From: Les Mikesell <lesmikesell at gmail.com>
>> Subject: Re: Make a DHCP server using Fedora - Help
>> To: olivares14031 at yahoo.com, "Community assistance, encouragement, and advice for using Fedora." <fedora-list at redhat.com>
>> Date: Wednesday, November 19, 2008, 5:55 AM
>> Antonio Olivares wrote:
>>> No, there is DNS, and they are the same as the host
>>> machine. It might be another little thing, maybe the packet
>>> forwarding or Iptables stuff?
>>> Thank you very much for your guidance :)
>>> It is much closer than before.
>>>
>> You have to deal with routing and NAT somewhere. You might
>> avoid it if you run a nameserver and squid proxy on the host
>> and configure the clients to use the proxy. Otherwise you
>> need the host to route the packets if you have a NAT gateway
>> elsewhere, or to route and NAT if nothing but the host knows
>> about this subnet.
>>
>> -- Les Mikesell
>> lesmikesell at gmail.com
>
> I added the following and saved them iptables-save
>
>
> upon reading another page:
> http://chwang.blogspot.com/2007/11/making-linux-fedora-core-8-as-gateway.html
The advice to add:
net.ipv4.ip_forward = 1
to /etc/sysctl.conf only takes effect after the next reboot. If you
want to change this on the fly you can:
echo 1 > /proc/sys/net/ipv4/ip_forward
> it says iptables and has this part:
>
> # Forward all packets from eth1 (internal network) to eth0 (the public internet)
> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
> # Forward packets that are part of existing and related connections from eth0 to eth1
> iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
> # Enable SNAT functionality on eth0. a.b.c.d are generally the ip of the eth0
> iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o eth0 -j SNAT --to-source a.
>
> I added everything here except last line "Enable SNAT", I do not know what that means, I know it is close. I can ping the host machine, it gets an ip, it gets DNS, and all, but cannot surf :(
Anywhere you send packets needs some way to get the response back to the
sender. One way to do this is to plan things so all of your private
subnets are unique and add routes toward the gateway interfaces for
everything else. Another way is to NAT the source address as it goes
out the already-known interface. That way the rest of the world does
not need to know about your new private subnet. As a packet goes out,
the source address of the client will be replaced with the address of
the forwarding interface and the host performing this will maintain a
table of connections to do the reverse mapping as the reply packets come
back. If you tcpdump your eth0 interface now, you'll probably see
packets being forwarded out but nothing coming back because the rest of
the net/world doesn't know the route back. When you add the SNAT, it
will look like the host machine itself to the rest of the world. The
argument to -s is the range of original addresses to replace, -o is the
outbound interface, and --to-source is the IP of the outbound interface
on the host.
--
Les Mikesell
lesmikesell at gmail.com
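A toy model of the mechanism Les describes, added here as an illustration and not code from the thread or from netfilter itself: the SNAT rule rewrites the source of packets from the -s range to the --to-source address, a connection table maps replies back, and without that rewrite the reply to a 192.168.1.x address simply has nowhere to go. All addresses and ports are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatGateway:
    """The Fedora host: private_net is the -s range, public_ip is --to-source."""

    def __init__(self, private_net, public_ip, first_port=1024):
        self.private_net = ipaddress.ip_network(private_net)
        self.public_ip = public_ip
        self.next_port = first_port
        # connection table: (public port, dst, dport) -> (original src, sport)
        self.conntrack = {}

    def outbound(self, pkt, snat=True):
        """Packet going out eth0; with snat=False it is only forwarded."""
        if not snat or ipaddress.ip_address(pkt.src) not in self.private_net:
            return pkt
        for (port, dst, dport), orig in self.conntrack.items():
            if orig == (pkt.src, pkt.sport) and (dst, dport) == (pkt.dst, pkt.dport):
                return Packet(self.public_ip, port, dst, dport)   # reuse mapping
        port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Reply arriving on eth0; None means no table entry, so it is dropped."""
        orig = self.conntrack.get((pkt.dport, pkt.src, pkt.sport))
        return None if orig is None else Packet(pkt.src, pkt.sport, *orig)

def internet_reply(request, routable):
    """The outside world can only answer addresses it has a route back to."""
    if request.src not in routable:
        return None   # a 192.168.1.x source: nobody knows the way back
    return Packet(request.dst, request.dport, request.src, request.sport)

def web_request(gw, snat):
    """Client 192.168.1.10 fetches a page; returns the reply it sees, or None."""
    client = Packet("192.168.1.10", 40000, "198.51.100.7", 80)
    reply = internet_reply(gw.outbound(client, snat=snat), {gw.public_ip})
    return None if reply is None else gw.inbound(reply)
```

Calling web_request(gw, snat=False) reproduces the symptom in the thread (packets go out, nothing comes back), while snat=True returns the reply rewritten back to the client.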